CDH Kerberos启动后hue报错:Couldn't renew kerberos ticket
一、环境说明
1、系统环境:centos7.7
2、cloudera manager版本:6.3.2
3、hue版本:4.2.0
二、报错情况:Kerberos安装完成并重启后,hue报错 Couldn't renew kerberos ticket
三、解决方法
1、在 cdh-cm-v01 上修改 /etc/krb5.conf(修改后的完整文件如下:KEYRING 缓存一行已被注释,改用 FILE:/tmp/krb5cc_%{uid})
vi /etc/krb5.conf
[root@cdh-cm-v01 ~]# vi /etc/krb5.conf
# Kerberos configuration for realm YUNES.COM, as edited on cdh-cm-v01.
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = YUNES.COM
dns_lookup_realm = false
# DNS SRV lookup of KDCs is enabled; the realm below also names its KDC explicitly.
dns_lookup_kdc = true
# Reverse DNS is not used when canonicalizing service host names.
rdns = false
# Initial tickets are requested with a 24h lifetime and a 7d renewable lifetime;
# the KDC may grant less than what is requested here.
# NOTE(review): a "couldn't renew" error suggests checking that the issued ticket
# is actually renewable (`klist -f` shows the R flag and a "renew until" time).
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
# With a limit of 0 the library tries TCP before UDP when contacting the KDC.
udp_preference_limit = 0
# The kernel-keyring cache is commented out and a per-UID file cache is used instead.
# NOTE(review): presumably because the Java Kerberos libraries used by Hadoop
# services cannot read KEYRING caches - confirm against the Cloudera documentation.
# Security trade-off: a FILE cache is an ordinary file, so any process that can read
# /tmp/krb5cc_<uid> (root, or anything running as that UID) can use the tickets until
# they expire. Keep the file owner-only (mode 0600) and avoid copying or backing up /tmp.
# default_ccache_name = KEYRING:persistent:%{uid}
default_ccache_name = FILE:/tmp/krb5cc_%{uid}
[realms]
YUNES.COM = {
# NOTE(review): max_renewable_life is documented as a KDC-side setting; whether it
# has any effect in this file is not shown on the page - verify on an issued ticket.
max_renewable_life = 7d 0h 0m 0s
kdc = cdh-ipa-v01.yunes.com:88
master_kdc = cdh-ipa-v01.yunes.com:88
admin_server = cdh-ipa-v01.yunes.com:749
default_domain = yunes.com
# CA bundles from the IPA client directory, used for PKINIT certificate validation.
pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
}
# Map hosts in yunes.com (and the IPA server by name) to the YUNES.COM realm.
[domain_realm]
.yunes.com = YUNES.COM
yunes.com = YUNES.COM
cdh-ipa-v01.yunes.com = YUNES.COM
# Database module and certauth plugin provided by FreeIPA's ipadb.so.
[dbmodules]
YUNES.COM = {
db_library = ipadb.so
}
[plugins]
certauth = {
module = ipakdb:kdb/ipadb.so
enable_only = ipakdb
# NOTE(review): the listing stops here; the certauth block opened above still
# needs its closing '}' in the real file.
2、分发到其它节点(用 sync_to_all_node.sh 将 /etc/krb5.conf 复制到各节点的 /etc/)
# Copy the edited /etc/krb5.conf into /etc/ on the other cluster nodes with the
# site's own helper script (the script itself is not shown on this page).
# Afterwards it is worth confirming that every node holds the same file, for
# example by comparing `sha256sum /etc/krb5.conf` across hosts.
cd ~/scripts/
./sync_to_all_node.sh /etc/krb5.conf /etc/
[root@cdh-cm-v01 ~]# cd scripts/
[root@cdh-cm-v01 scripts]# ./sync_to_all_node.sh /etc/krb5.conf /etc/
/etc/krb5.conf
/etc/
cdh-cm-v01.yunes.com
---------------------------------------------------------
Begin sync file from cdh-cm-v01.yunes.com:/etc/krb5.conf to AllCusterNode, Please waitting...
Sync file from /etc/krb5.conf to cdh-master-v01.yunes.com:/etc/
krb5.conf 100% 1043 1.5MB/s 00:00
Sync file from /etc/krb5.conf to cdh-master-v02.yunes.com:/etc/
krb5.conf 100% 1043 1.3MB/s 00:00
Sync file from /etc/krb5.conf to cdh-datanode-v01.yunes.com:/etc/
krb5.conf 100% 1043 1.3MB/s 00:00
Sync file from /etc/krb5.conf to cdh-datanode-v02.yunes.com:/etc/
krb5.conf 100% 1043 1.1MB/s 00:00
Sync file from /etc/krb5.conf to cdh-datanode-v03.yunes.com:/etc/
krb5.conf 100% 1043 1.3MB/s 00:00
Sync file from /etc/krb5.conf to cdh-client-v01.yunes.com:/etc/
krb5.conf
3、在 cdh-ipa-v01 上同样修改 /etc/krb5.conf
vi /etc/krb5.conf
[root@cdh-ipa-v01 ~]# vi /etc/krb5.conf
# Kerberos configuration for realm YUNES.COM, as edited on cdh-ipa-v01.
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = YUNES.COM
dns_lookup_realm = false
dns_lookup_kdc = true
rdns = false
# Initial tickets are requested with a 24h lifetime and a 7d renewable lifetime;
# the KDC may grant less than what is requested here.
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
udp_preference_limit = 0
# The kernel-keyring cache is commented out in favour of a per-UID file under /tmp.
# A FILE cache is readable by root and by any process running as that UID, so the
# tickets in it are only as protected as the file's permissions (keep it mode 0600).
# default_ccache_name = KEYRING:persistent:%{uid}
default_ccache_name = FILE:/tmp/krb5cc_%{uid}
[realms]
YUNES.COM = {
# NOTE(review): max_renewable_life is documented as a KDC-side setting; confirm the
# renewable lifetime actually granted with `klist -f` on an issued ticket.
max_renewable_life = 7d 0h 0m 0s
kdc = cdh-ipa-v01.yunes.com:88
master_kdc = cdh-ipa-v01.yunes.com:88
admin_server = cdh-ipa-v01.yunes.com:749
default_domain = yunes.com
# CA bundles from the IPA client directory, used for PKINIT certificate validation.
pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
}
# Map hosts in yunes.com to the YUNES.COM realm.
[domain_realm]
.yunes.com = YUNES.COM
yunes.com = YUNES.COM
4、重启freeIPA服务
# Restart all FreeIPA services on cdh-ipa-v01 (the KDC and kadmin among them).
ipactl restart
[root@cdh-ipa-v01 ~]# ipactl restart
Restarting Directory Service
Restarting krb5kdc Service
Restarting kadmin Service
Restarting named Service
Restarting httpd Service
Restarting ipa-custodia Service
Restarting ntpd Service
Restarting pki-tomcatd Service
Restarting ipa-otpd Service
Restarting ipa-dnskeysyncd Service
ipa: INFO: The ipactl command was successful
5、重启hue服务,hue正常运行
[root@cdh-ipa-v01 ~]# vi /etc/krb5.conf
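# Kerberos configuration for realm YUNES.COM (same settings as earlier on the page,
# with section headers and the commented-out KEYRING line restored to their own lines).
includedir /etc/krb5.conf.d/
includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = YUNES.COM
dns_lookup_realm = false
dns_lookup_kdc = true
rdns = false
# Initial tickets are requested with a 24h lifetime and a 7d renewable lifetime.
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
udp_preference_limit = 0
# The KEYRING cache stays commented out so that only one default_ccache_name is
# active. The FILE cache below is readable by root and by any process running as
# that UID, so keep /tmp/krb5cc_<uid> owner-only (mode 0600).
# default_ccache_name = KEYRING:persistent:%{uid}
default_ccache_name = FILE:/tmp/krb5cc_%{uid}
[realms]
YUNES.COM = {
max_renewable_life = 7d 0h 0m 0s
kdc = cdh-ipa-v01.yunes.com:88
master_kdc = cdh-ipa-v01.yunes.com:88
admin_server = cdh-ipa-v01.yunes.com:749
default_domain = yunes.com
# CA bundles from the IPA client directory, used for PKINIT certificate validation.
pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
}
[domain_realm]
.yunes.com = YUNES.COM
yunes.com = YUNES.COM
cdh-ipa-v01.yunes.com = YUNES.COM
# Database module and certauth plugin provided by FreeIPA's ipadb.so.
[dbmodules]
YUNES.COM = {
db_library = ipadb.so
}
[plugins]
certauth = {
module = ipakdb:kdb/ipadb.so
enable_only = ipakdb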